From d025ac30b9c65a19535c7d6955b084960b4d0621 Mon Sep 17 00:00:00 2001 From: lalber Date: Mon, 8 Mar 2021 18:27:55 +0100 Subject: First version of feature --- .../controller/ProtocolFinalizationController.java | 84 ++++++++++++++++++---- 1 file changed, 70 insertions(+), 14 deletions(-) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index 4ff41836..f0be9a5e 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -19,20 +19,6 @@ package at.gv.egiz.eaaf.core.impl.idp.controller; -import java.io.IOException; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.apache.commons.text.StringEscapeUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Controller; -import org.springframework.util.SerializationUtils; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; - import at.gv.egiz.components.eventlog.api.EventConstants; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; @@ -42,6 +28,18 @@ import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; +import org.apache.commons.text.StringEscapeUtils; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Controller; +import org.springframework.util.SerializationUtils; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestMethod; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; /** * Protocol finialization end-point. @@ -54,11 +52,68 @@ public class ProtocolFinalizationController extends AbstractController { private static final Logger log = LoggerFactory.getLogger(ProtocolFinalizationController.class); public static final String ENDPOINT_FINALIZEPROTOCOL = "finalizeAuthProtocol"; public static final String ENDPOINT_ERRORHANDLING = "errorHandling"; + public static final String ENDPOINT_ERROR_REDIRECT = "errorRedirect"; @Autowired(required = true) IRequestStorage requestStorage; @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; + @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = { RequestMethod.GET, RequestMethod.POST }) + public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp) + throws EaafException, IOException { + + final String errorToken = + StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); + if (errorToken != null) { + IRequest pendingReq = null; + try { + String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken); + log.debug("Searching exception with internal error-token: {}", errorId); + + // load stored exception from database + final byte[] containerSerialized = transactionStorage.get(errorId, byte[].class); + if (containerSerialized != null) { + // remove exception if it was found + transactionStorage.remove(errorId); + log.trace("Find exception with internal error-token: {}", errorId); + + //final Object containerObj = EaafSerializationUtils.deserialize(containerSerialized, + // Arrays.asList( + // ExceptionContainer.class.getName() + // )); + final Object containerObj = SerializationUtils.deserialize(containerSerialized); + + if (containerObj instanceof ExceptionContainer) { + final ExceptionContainer container = (ExceptionContainer) containerObj; + final Throwable throwable = container.getExceptionThrown(); + pendingReq = container.getPendingRequest(); + + if (pendingReq != null) { + + } + } + } + } catch (Exception e) { + } + } + + //TODO finish +// final Class clazz = Class.forName(req.requestedModule()); +// +// if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { +// log.error( +// "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); +// throw new ClassCastException( +// "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); +// +// } +// +// final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); +// +// handlingModule.generateErrorMessage(throwable, req, resp, protocolRequest); + + } + /** * End-Point to handle errors. * @@ -67,6 +122,7 @@ public class ProtocolFinalizationController extends AbstractController { * @throws EaafException In case of an internal error * @throws IOException In case of a servlet error */ + // TODO reuse for the redirection to SP or own enpoint @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = { RequestMethod.GET, RequestMethod.POST }) public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { -- cgit v1.2.3 From b8119f581482297d3142d2a4c6b0405a15afaa26 Mon Sep 17 00:00:00 2001 From: lalber Date: Wed, 10 Mar 2021 10:24:40 +0100 Subject: Second version of feature --- .../controller/ProtocolFinalizationController.java | 107 +++++++++++---------- 1 file changed, 54 insertions(+), 53 deletions(-) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index f0be9a5e..37aab8df 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -15,7 +15,7 @@ * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.gv.egiz.eaaf.core.impl.idp.controller; @@ -25,6 +25,7 @@ import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; @@ -45,7 +46,6 @@ import java.io.IOException; * Protocol finialization end-point. * * @author tlenz - * */ @Controller public class ProtocolFinalizationController extends AbstractController { @@ -56,14 +56,14 @@ public class ProtocolFinalizationController extends AbstractController { @Autowired(required = true) IRequestStorage requestStorage; - @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; + @Autowired + IPendingRequestIdGenerationStrategy requestIdValidationStragegy; - @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = { RequestMethod.GET, RequestMethod.POST }) + @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = {RequestMethod.GET, RequestMethod.POST}) public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { - final String errorToken = - StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); + final String errorToken = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); if (errorToken != null) { IRequest pendingReq = null; try { @@ -89,29 +89,34 @@ public class ProtocolFinalizationController extends AbstractController { pendingReq = container.getPendingRequest(); if (pendingReq != null) { + //TODO finish + final Class clazz = Class.forName(pendingReq.requestedModule()); + + if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { + log.error("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + throw new ClassCastException( + "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + + } + final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); + + handlingModule.generateErrorMessage(throwable, req, resp, pendingReq); } } } - } catch (Exception e) { + } catch (Throwable e) { + log.error(e.getMessage(), e); + protAuthService.handleErrorNoRedirect(e, req, resp, false); + } finally { + // remove pending-request + if (pendingReq != null) { + requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); + + } } } - - //TODO finish -// final Class clazz = Class.forName(req.requestedModule()); -// -// if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { -// log.error( -// "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); -// throw new ClassCastException( -// "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); -// -// } -// -// final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); -// -// handlingModule.generateErrorMessage(throwable, req, resp, protocolRequest); - } /** @@ -123,32 +128,30 @@ public class ProtocolFinalizationController extends AbstractController { * @throws IOException In case of a servlet error */ // TODO reuse for the redirection to SP or own enpoint - @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = { RequestMethod.GET, RequestMethod.POST }) + @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = {RequestMethod.GET, RequestMethod.POST}) public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { // receive an authentication error - final String errorToken = - StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); + final String errorToken = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); if (errorToken != null) { IRequest pendingReq = null; - try { - String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken); + try { + String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken); log.debug("Searching exception with internal error-token: {}", errorId); - + // load stored exception from database - final byte[] containerSerialized = - transactionStorage.get(errorId, byte[].class); + final byte[] containerSerialized = transactionStorage.get(errorId, byte[].class); if (containerSerialized != null) { // remove exception if it was found transactionStorage.remove(errorId); log.trace("Find exception with internal error-token: {}", errorId); - + //final Object containerObj = EaafSerializationUtils.deserialize(containerSerialized, // Arrays.asList( // ExceptionContainer.class.getName() // )); final Object containerObj = SerializationUtils.deserialize(containerSerialized); - + if (containerObj instanceof ExceptionContainer) { final ExceptionContainer container = (ExceptionContainer) containerObj; final Throwable throwable = container.getExceptionThrown(); @@ -157,7 +160,7 @@ public class ProtocolFinalizationController extends AbstractController { if (pendingReq != null) { //set MDC variables TransactionIdUtils.setAllLoggingVariables(pendingReq); - + // build protocol-specific error message if possible protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); @@ -170,17 +173,17 @@ public class ProtocolFinalizationController extends AbstractController { } } else { - protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null), - req, resp, false); + protAuthService + .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null), req, + resp, false); } } else { log.info("Find no exception with internal error-token: {}", errorId); - protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), - req, resp, false); + protAuthService + .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), + req, resp, false); } @@ -192,11 +195,10 @@ public class ProtocolFinalizationController extends AbstractController { // remove pending-request if (pendingReq != null) { requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); - revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, - pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); } - + //remove all Logger variables TransactionIdUtils.removeAllLoggingVariables(); @@ -204,9 +206,9 @@ public class ProtocolFinalizationController extends AbstractController { } else { log.debug("Request contains NO ErrorId"); - protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, - resp, false); + protAuthService + .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, + resp, false); } @@ -220,7 +222,7 @@ public class ProtocolFinalizationController extends AbstractController { * @throws EaafException In case of an internal error * @throws IOException In case of a servlet error */ - @RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = { RequestMethod.GET }) + @RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = {RequestMethod.GET}) public void finalizeAuthProtocol(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { @@ -232,19 +234,18 @@ public class ProtocolFinalizationController extends AbstractController { if (pendingReq == null) { log.error("No PendingRequest with ID " + pendingRequestID + " found.!"); protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, - new Object[] { pendingRequestID, }), - req, resp, false); + new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, new Object[]{pendingRequestID,}), req, + resp, false); } else { //set MDC variables TransactionIdUtils.setAllLoggingVariables(pendingReq); - + //perform protocol finalization steps protAuthService.finalizeAuthentication(req, resp, pendingReq); - + } - + } } -- cgit v1.2.3 From b8d3937a99e54036be491b5df606ab6c5a81f480 Mon Sep 17 00:00:00 2001 From: lalber Date: Fri, 12 Mar 2021 16:11:07 +0100 Subject: added some error Handling --- .../eaaf/core/impl/idp/controller/ProtocolFinalizationController.java | 2 -- 1 file changed, 2 deletions(-) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index 37aab8df..26feb3db 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -89,7 +89,6 @@ public class ProtocolFinalizationController extends AbstractController { pendingReq = container.getPendingRequest(); if (pendingReq != null) { - //TODO finish final Class clazz = Class.forName(pendingReq.requestedModule()); if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { @@ -127,7 +126,6 @@ public class ProtocolFinalizationController extends AbstractController { * @throws EaafException In case of an internal error * @throws IOException In case of a servlet error */ - // TODO reuse for the redirection to SP or own enpoint @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = {RequestMethod.GET, RequestMethod.POST}) public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { -- cgit v1.2.3 From 5bd780462933b439d2e323c18a5404da60e764a5 Mon Sep 17 00:00:00 2001 From: lalber Date: Tue, 16 Mar 2021 14:45:30 +0100 Subject: add some Junit fixes and other spotbug based ones --- .../core/impl/idp/controller/ProtocolFinalizationController.java | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index 26feb3db..acb9b84c 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -59,6 +59,13 @@ public class ProtocolFinalizationController extends AbstractController { @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; + /** + * Handles incoming requests for redirects to IDP. + * @param req http request + * @param resp http response + * @throws EaafException In case of an internal error + * @throws IOException In case of a servlet error + */ @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = {RequestMethod.GET, RequestMethod.POST}) public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { -- cgit v1.2.3 From bf258e421c55baf64eb9bb30b95e4d29bfdef5eb Mon Sep 17 00:00:00 2001 From: lalber Date: Sun, 21 Mar 2021 12:52:27 +0100 Subject: Junit fixes --- .../idp/controller/ProtocolFinalizationController.java | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index acb9b84c..20f4c6ea 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -28,6 +28,7 @@ import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; import org.apache.commons.text.StringEscapeUtils; import org.slf4j.Logger; @@ -59,6 +60,7 @@ public class ProtocolFinalizationController extends AbstractController { @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; + /** * Handles incoming requests for redirects to IDP. * @param req http request @@ -96,16 +98,8 @@ public class ProtocolFinalizationController extends AbstractController { pendingReq = container.getPendingRequest(); if (pendingReq != null) { - final Class clazz = Class.forName(pendingReq.requestedModule()); - - if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { - log.error("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - throw new ClassCastException( - "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - - } - - final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); + IModulInfo handlingModule = ProtocolAuthenticationService + .extractShibbolethHandling(pendingReq, applicationContext); handlingModule.generateErrorMessage(throwable, req, resp, pendingReq); } -- cgit v1.2.3 From 4e9499a1c39498f8646799e947e38f5f491c1428 Mon Sep 17 00:00:00 2001 From: lalber Date: Mon, 8 Mar 2021 18:27:55 +0100 Subject: First version of feature --- .../controller/ProtocolFinalizationController.java | 60 ++++++++++++++++++++++ 1 file changed, 60 insertions(+) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index b2130fb4..13a93e73 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -56,11 +56,70 @@ public class ProtocolFinalizationController extends AbstractController { EaafConstants.ENDPOINT_PREFIX_SECURED + "/finalizeAuthProtocol"; public static final String ENDPOINT_ERRORHANDLING = EaafConstants.ENDPOINT_PREFIX_SECURED + "/errorHandling"; + public static final String ENDPOINT_ERROR_REDIRECT = + EaafConstants.ENDPOINT_PREFIX_SECURED + "errorRedirect"; + @Autowired(required = true) IRequestStorage requestStorage; @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; + @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = { RequestMethod.GET, RequestMethod.POST }) + public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp) + throws EaafException, IOException { + + final String errorToken = + StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); + if (errorToken != null) { + IRequest pendingReq = null; + try { + String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken); + log.debug("Searching exception with internal error-token: {}", errorId); + + // load stored exception from database + final byte[] containerSerialized = transactionStorage.get(errorId, byte[].class); + if (containerSerialized != null) { + // remove exception if it was found + transactionStorage.remove(errorId); + log.trace("Find exception with internal error-token: {}", errorId); + + //final Object containerObj = EaafSerializationUtils.deserialize(containerSerialized, + // Arrays.asList( + // ExceptionContainer.class.getName() + // )); + final Object containerObj = SerializationUtils.deserialize(containerSerialized); + + if (containerObj instanceof ExceptionContainer) { + final ExceptionContainer container = (ExceptionContainer) containerObj; + final Throwable throwable = container.getExceptionThrown(); + pendingReq = container.getPendingRequest(); + + if (pendingReq != null) { + + } + } + } + } catch (Exception e) { + } + } + + //TODO finish +// final Class clazz = Class.forName(req.requestedModule()); +// +// if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { +// log.error( +// "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); +// throw new ClassCastException( +// "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); +// +// } +// +// final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); +// +// handlingModule.generateErrorMessage(throwable, req, resp, protocolRequest); + + } + /** * End-Point to handle errors. * @@ -69,6 +128,7 @@ public class ProtocolFinalizationController extends AbstractController { * @throws EaafException In case of an internal error * @throws IOException In case of a servlet error */ + // TODO reuse for the redirection to SP or own enpoint @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = { RequestMethod.GET, RequestMethod.POST }) public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { -- cgit v1.2.3 From c8873b5d8fbd5dd2ae7b35e6426f36bc42e107a0 Mon Sep 17 00:00:00 2001 From: lalber Date: Wed, 10 Mar 2021 10:24:40 +0100 Subject: Second version of feature --- .../controller/ProtocolFinalizationController.java | 108 +++++++++++---------- 1 file changed, 55 insertions(+), 53 deletions(-) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index 13a93e73..e81b9058 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -15,10 +15,11 @@ * This product combines work with different licenses. See the "NOTICE" text file for details on the * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative * works that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.gv.egiz.eaaf.core.impl.idp.controller; + import java.io.IOException; import javax.servlet.http.HttpServletRequest; @@ -39,6 +40,7 @@ import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.IStatusMessenger; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; @@ -47,7 +49,6 @@ import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; * Protocol finialization end-point. * * @author tlenz - * */ @Controller public class ProtocolFinalizationController extends AbstractController { @@ -62,14 +63,14 @@ public class ProtocolFinalizationController extends AbstractController { @Autowired(required = true) IRequestStorage requestStorage; - @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; + @Autowired + IPendingRequestIdGenerationStrategy requestIdValidationStragegy; - @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = { RequestMethod.GET, RequestMethod.POST }) + @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = {RequestMethod.GET, RequestMethod.POST}) public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { - final String errorToken = - StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); + final String errorToken = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); if (errorToken != null) { IRequest pendingReq = null; try { @@ -95,29 +96,34 @@ public class ProtocolFinalizationController extends AbstractController { pendingReq = container.getPendingRequest(); if (pendingReq != null) { + //TODO finish + final Class clazz = Class.forName(pendingReq.requestedModule()); + + if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { + log.error("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + throw new ClassCastException( + "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); + } + + final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); + + handlingModule.generateErrorMessage(throwable, req, resp, pendingReq); } } } - } catch (Exception e) { + } catch (Throwable e) { + log.error(e.getMessage(), e); + protAuthService.handleErrorNoRedirect(e, req, resp, false); + } finally { + // remove pending-request + if (pendingReq != null) { + requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); + + } } } - - //TODO finish -// final Class clazz = Class.forName(req.requestedModule()); -// -// if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { -// log.error( -// "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); -// throw new ClassCastException( -// "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); -// -// } -// -// final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); -// -// handlingModule.generateErrorMessage(throwable, req, resp, protocolRequest); - } /** @@ -129,32 +135,30 @@ public class ProtocolFinalizationController extends AbstractController { * @throws IOException In case of a servlet error */ // TODO reuse for the redirection to SP or own enpoint - @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = { RequestMethod.GET, RequestMethod.POST }) + @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = {RequestMethod.GET, RequestMethod.POST}) public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { // receive an authentication error - final String errorToken = - StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); + final String errorToken = StringEscapeUtils.escapeHtml4(req.getParameter(EaafConstants.PARAM_HTTP_ERROR_CODE)); if (errorToken != null) { IRequest pendingReq = null; - try { - String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken); + try { + String errorId = requestIdValidationStragegy.validateAndGetPendingRequestId(errorToken); log.debug("Searching exception with internal error-token: {}", errorId); - + // load stored exception from database - final byte[] containerSerialized = - transactionStorage.get(errorId, byte[].class); + final byte[] containerSerialized = transactionStorage.get(errorId, byte[].class); if (containerSerialized != null) { // remove exception if it was found transactionStorage.remove(errorId); log.trace("Find exception with internal error-token: {}", errorId); - + //final Object containerObj = EaafSerializationUtils.deserialize(containerSerialized, // Arrays.asList( // ExceptionContainer.class.getName() // )); final Object containerObj = SerializationUtils.deserialize(containerSerialized); - + if (containerObj instanceof ExceptionContainer) { final ExceptionContainer container = (ExceptionContainer) containerObj; final Throwable throwable = container.getExceptionThrown(); @@ -163,7 +167,7 @@ public class ProtocolFinalizationController extends AbstractController { if (pendingReq != null) { //set MDC variables TransactionIdUtils.setAllLoggingVariables(pendingReq); - + // build protocol-specific error message if possible protAuthService.buildProtocolSpecificErrorResponse(throwable, req, resp, pendingReq); @@ -176,17 +180,17 @@ public class ProtocolFinalizationController extends AbstractController { } } else { - protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null), - req, resp, false); + protAuthService + .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_GENERIC, null), req, + resp, false); } } else { log.info("Find no exception with internal error-token: {}", errorId); - protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), - req, resp, false); + protAuthService + .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), + req, resp, false); } @@ -198,11 +202,10 @@ public class ProtocolFinalizationController extends AbstractController { // remove pending-request if (pendingReq != null) { requestStorage.removePendingRequest(pendingReq.getPendingRequestId()); - revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, - pendingReq.getUniqueTransactionIdentifier()); + revisionsLogger.logEvent(EventConstants.TRANSACTION_DESTROYED, pendingReq.getUniqueTransactionIdentifier()); } - + //remove all Logger variables TransactionIdUtils.removeAllLoggingVariables(); @@ -210,9 +213,9 @@ public class ProtocolFinalizationController extends AbstractController { } else { log.debug("Request contains NO ErrorId"); - protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, - resp, false); + protAuthService + .handleErrorNoRedirect(new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_NOPENDIGREQID, null), req, + resp, false); } @@ -226,7 +229,7 @@ public class ProtocolFinalizationController extends AbstractController { * @throws EaafException In case of an internal error * @throws IOException In case of a servlet error */ - @RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = { RequestMethod.GET }) + @RequestMapping(value = ENDPOINT_FINALIZEPROTOCOL, method = {RequestMethod.GET}) public void finalizeAuthProtocol(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { @@ -239,19 +242,18 @@ public class ProtocolFinalizationController extends AbstractController { log.info("PendingReqId was valid but no PendingRequest with ID: {}. Looks already used", pendingRequestID); protAuthService.handleErrorNoRedirect( - new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, - new Object[] { pendingRequestID, }), - req, resp, false); + new EaafException(IStatusMessenger.CODES_INTERNAL_ERROR_AUTH_TIMEOUT, new Object[]{pendingRequestID,}), req, + resp, false); } else { //set MDC variables TransactionIdUtils.setAllLoggingVariables(pendingReq); - + //perform protocol finalization steps protAuthService.finalizeAuthentication(req, resp, pendingReq); - + } - + } } -- cgit v1.2.3 From 9b5b4233e0ffbcd62de74770a492e24c3efe9b05 Mon Sep 17 00:00:00 2001 From: lalber Date: Fri, 12 Mar 2021 16:11:07 +0100 Subject: added some error Handling --- .../eaaf/core/impl/idp/controller/ProtocolFinalizationController.java | 2 -- 1 file changed, 2 deletions(-) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index e81b9058..9b7b0a02 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -96,7 +96,6 @@ public class ProtocolFinalizationController extends AbstractController { pendingReq = container.getPendingRequest(); if (pendingReq != null) { - //TODO finish final Class clazz = Class.forName(pendingReq.requestedModule()); if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { @@ -134,7 +133,6 @@ public class ProtocolFinalizationController extends AbstractController { * @throws EaafException In case of an internal error * @throws IOException In case of a servlet error */ - // TODO reuse for the redirection to SP or own enpoint @RequestMapping(value = ENDPOINT_ERRORHANDLING, method = {RequestMethod.GET, RequestMethod.POST}) public void errorHandling(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { -- cgit v1.2.3 From faa131a65b46a5c42a7b6b85e0ff3b414c93bea5 Mon Sep 17 00:00:00 2001 From: lalber Date: Tue, 16 Mar 2021 14:45:30 +0100 Subject: add some Junit fixes and other spotbug based ones --- .../core/impl/idp/controller/ProtocolFinalizationController.java | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index 9b7b0a02..d874cff6 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -66,6 +66,13 @@ public class ProtocolFinalizationController extends AbstractController { @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; + /** + * Handles incoming requests for redirects to IDP. + * @param req http request + * @param resp http response + * @throws EaafException In case of an internal error + * @throws IOException In case of a servlet error + */ @RequestMapping(value = ENDPOINT_ERROR_REDIRECT, method = {RequestMethod.GET, RequestMethod.POST}) public void errorRedirect(final HttpServletRequest req, final HttpServletResponse resp) throws EaafException, IOException { -- cgit v1.2.3 From ae6d01d3eef70fb5892430aee88438dc15c02cf9 Mon Sep 17 00:00:00 2001 From: lalber Date: Sun, 21 Mar 2021 12:52:27 +0100 Subject: Junit fixes --- .../idp/controller/ProtocolFinalizationController.java | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java') diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java index d874cff6..90d8a28d 100644 --- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java +++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/controller/ProtocolFinalizationController.java @@ -43,6 +43,7 @@ import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; import at.gv.egiz.eaaf.core.api.idp.IModulInfo; import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService; import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils; /** @@ -66,6 +67,7 @@ public class ProtocolFinalizationController extends AbstractController { @Autowired IPendingRequestIdGenerationStrategy requestIdValidationStragegy; + /** * Handles incoming requests for redirects to IDP. * @param req http request @@ -103,16 +105,8 @@ public class ProtocolFinalizationController extends AbstractController { pendingReq = container.getPendingRequest(); if (pendingReq != null) { - final Class clazz = Class.forName(pendingReq.requestedModule()); - - if (clazz == null || !IModulInfo.class.isAssignableFrom(clazz)) { - log.error("Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - throw new ClassCastException( - "Requested protocol module Class is NULL or does not implement the IModulInfo interface."); - - } - - final IModulInfo handlingModule = (IModulInfo) applicationContext.getBean(clazz); + IModulInfo handlingModule = ProtocolAuthenticationService + .extractShibbolethHandling(pendingReq, applicationContext); handlingModule.generateErrorMessage(throwable, req, resp, pendingReq); } -- cgit v1.2.3